Key Points
- Connect your reseller or carrier IDs in Apple Business Manager (ABM) to your organization and Location.
- When working with older devices, use Apple Configurator on a Mac to prepare and add them manually.
- Assign the devices in your ABM to your primary MDM server and Location for consistent configuration and licensing.
- Create supervised enrollment profiles that enforce security policies, skip consumer setup screens, and install core management agents and certificates.
- Export device and server assignment reports weekly to verify enrollment coverage. Rotate MDM server tokens before expiry and log failed enrollments and exceptions.
- Allocate Apps and Books licenses by Location and use device-based assignment to avoid Apple ID prompts.
Apple Business Manager is the source of truth for Apple device ownership. When you add devices to Apple Business Manager correctly, you’ll get a lot of benefits. You can assign them to your MDM server and add a location. And as long as you follow the proper procedure, enrollment becomes easy and predictable.
A guide for adding devices to Apple Business Manager
📌 Prerequisites:
- You need to have ABM configured for your organization. It should have at least one location for Apps and Books.
- You need to have an MDM server added in ABM with a current server token and a matching enrollment profile on the MDM side.
- You need a linked reseller or carrier numbers for automatic device assignment when purchasing new hardware.
- You need a Mac with Apple Configurator for adding existing devices that qualify.
Method 1: Link purchasing to ABM for automatic adds
Link authorized reseller or carrier IDs to your organization and Location in your Apple Business Manager account. That way, you can verify that new orders appear under Devices with the correct serials and models. To do this, follow these steps:
- Log in to Apple Business Manager.
- Go to Settings > Device Management Settings > Customer Numbers / Reseller IDs.
- Enter the Reseller ID or Carrier ID.
- Link it to your organization and the specific Location (in ABM, a “Location” typically represents a department, office, or business unit).
To verify:
- Go to Devices.
- Search by serial number, order number, or device type.
- Confirm that devices show the correct serial numbers, models (e.g., iPhone 15, MacBook Air M2), and purchase date.
You can also create an automatic assignment rule that sends incoming serials to your primary MDM server and Location. To do that, you should:
- Go to Devices > Device Assignments > Edit Device Management Settings.
- Choose your primary MDM server.
- Create an Automatic Assignment Rule such as: “Assign all new iPhone, iPad, and Mac devices to Primary MDM Server and Headquarters Location.”
Method 2: Add existing iPhone and iPad with Apple Configurator
- Plug the iPhone or iPad into a Mac computer.
- Open Apple Configurator.
- Select the connected device.
- Click Prepare > Automated Device Enrollment (ADE).
- Sign in using your Apple Business Manager (ABM) credentials when prompted.
- Choose the organization you want to add the device to.
- Select the MDM server to which this device should be assigned.
- Pick the Location (a department or site defined in ABM) for inventory and license tracking.
- Under Setup Options, you’ll see:
- Supervise Device – This enables advanced management features like installing apps silently, restricting settings, or enforcing compliance.
- Restrict pairing – This prevents users from connecting the device to another Mac or PC to sync or remove management controls.
Once you’re done with all the steps, Apple Configurator will erase and reload the device with a fresh setup. Once that’s done, the device will be automatically registered in ABM. When the device is turned on, you should see a message like “This iPhone is managed by [Your Organization].”
Method 3: Add Mac computers with Apple Configurator
- You’re going to need a second Mac computer with admin rights and Apple Configurator 2 installed.
- Connect the Mac computer you want to add to the Mac computer with admin rights.
- Open Apple Configurator > Add Mac to Apple Business Manager.
- Follow the prompts.
- Assign the device to your MDM server.
- Choose the correct Location (your office, department, or business unit) so device ownership and licensing stay organized.
Assign devices to the MDM server and Location
- Log in to Apple Business Manager.
- Go to Devices > View Devices.
- You can find devices in two ways:
- Search by Serial Number: This is ideal if you’re only looking for one or two devices.
- Search by Order Number: This is useful if you purchased multiple devices under a single order.
Every device will also have an assigned location. To view device information using location, follow these steps:
- Go to Settings > Locations.
- Confirm that each device is assigned to the correct Location.
The Location determines the following:
- Which licenses and apps are available for the device
- Which policies or configurations apply in your MDM
To automatically enroll a new device in your MDM once it’s turned on for the first time, apply supervision, skip consumer setup screens, and configure everything based on your policies, follow these steps:
- Download the ABM Server Token (a .p7m file) from ABM under Settings > MDM Servers > Download Token.
- Go to your MDM console.
- Upload that token. This links your MDM system with ABM and enables automatic synchronization of devices.
- Create or verify the default enrollment profile, which will define how devices should be set up when enrolled.
Apple device enrollment best practices
Understand manual add options and limits
For some workflows, you can add devices to ABM after you buy them using Apple Configurator, even without reseller linkage. In that case, just follow the regular procedures. But, if a device or OS version can’t be added using the Apple configurator, apply user enrollment procedures for BYOD or plan a replacement through authorized channels.
Keep a record of exceptions made and add timelines to migrate to fully managed supervised enrollment to encourage transparency and accountability.
Build a supervised enrollment profile
Enrollment profiles will vary depending on your organization’s needs. However, these are some things you should generally have for your supervised enrollment profile:
- Require supervision to enable restrictions, Lost Mode, and device-based app installs.
- Choose user affinity based on ownership: user affinity for individually assigned devices, no affinity for shared or kiosk devices.
- Skip consumer setup panes such as Apple Pay or FaceTime where policy requires.
- Install core agents and certificates during enrollment.
Operate your devices with checks and evidence
Keep a weekly export of Devices by Location, Assigned Server, and Last Enrollment. This ensures that all your Apple devices are properly registered and have the correct enrollment profiles applied.
You should also track failed enrollments and common causes such as expired server tokens or profile conflicts, how they were resolved, and how long it took. This encourages transparency and accountability and ensures that all your devices are properly registered.
Finally, don’t forget to rotate MDM server tokens on schedule and set reminders before expiry for security. And if you have to enforce a rollback, reassign devices ABM, and erase to force correct enrollment.
Apps and licensing hygiene
Here are some apps and licensing best practices you should apply to your own organization:
- Allocate Apps and Books licenses at the owning Location.
- Use device-based assignment on supervised devices to avoid Apple ID prompts.
- Keep a minimal first-day app set and expand by smart groups after enrollment.
Best practices summary table for Apple Business Manager enrollment
| Practice | Purpose | Value Delivered |
| Auto assignment from resellers | This ensures a zero-touch intake. | You’ll have fewer manual steps and errors. |
| Configurator add for existing devices | This closes the device enrollment gap. | You can easily bring legacy stock under management. |
| Supervised enrollment profiles | This gives you stronger control over your devices. | You’ll have reliable restrictions and recovery. |
| Locations and roles | This gives you clean ownership. | You’ll have predictable licensing and access. |
| Token rotation and exports | This gives you reliability and evidence. | You’ll have fewer silent failures and faster audits. |
NinjaOne integration ideas for using Apple Business Manager
You can use NinjaOne tools to:
- Trigger follow-up tasks for devices added in ABM but not yet enrolled in the MDM
- Attach ABM and MDM inventory exports to IT documentation.
- Open tickets when MDM server tokens near expiry or when supervised devices enroll without the required profile.
Optimize Apple device enrollment in your organization
Aligning ABM intake, MDM assignment, and supervised profiles is crucial. If everything goes according to plan, you should be able to enroll Apple devices consistently with minimal intervention. By exporting assignments, monitoring token health, and keeping a clear rollback, you can scale deployments and show clean evidence to stakeholders.
Related Links:
